
SIGSEGV received in libOdbcFb.so: memcpy in JString constructor incorrect input parameter [ODBC174] #166

Closed
firebird-automations opened this issue Aug 4, 2014 · 3 comments


Submitted by: Alexander Lebedev (alebedev)

I use linux (RHEL 6.2) version of ODBC fb driver built from source code.
My process has crashed with Segmentation fault on odbc::DriverManager::getConnection attempt. Please see the backtrace below:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd999f700 (LWP 6802)]
0x00007fffef588bf5 in __memcpy_ssse3 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install FirebirdCS-2.5.1.26351-0.amd64 bzip2-libs-1.0.5-7.el6_0.x86_64 cyrus-sasl-lib-2.1.23-13.el6.x86_64 glib2-2.22.5-6.el6.x86_64 glibc-2.12-1.47.el6.x86_64 glibmm24-2.22.1-1.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64 libcurl-7.19.7-26.el6_1.2.x86_64 libgcc-4.4.6-3.el6.x86_64 libgomp-4.4.6-3.el6.x86_64 libidn-1.18-2.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libsigc+20-2.2.4.2-1.el6.x86_64 libstdc+-4.4.6-3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libunwind-1.0.1-1.el6.x86_64 libxml2-2.7.6-4.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64 nspr-4.8.8-3.el6.x86_64 nss-3.12.10-16.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 nss-util-3.12.10-2.el6.x86_64 openldap-2.4.23-20.el6.x86_64 openssl-1.0.0-20.el6.x86_64 perl-libs-5.10.1-119.el6_1.1.x86_64 udns-0.0.9-5.el6.x86_64 unixODBC2.2.14-11.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0 0x00007fffef588bf5 in __memcpy_ssse3 () from /lib64/libc.so.6
#1 0x00007fffe4f7ea62 in classJString::JString::setString(char const*, int) () from /usr/lib64/libOdbcFb.so
#2 0x00007fffe4f7eda0 in classJString::JString::JString(char const*, int) () from /usr/lib64/libOdbcFb.so
#3 0x00007fffe4fa17fd in OdbcJdbcLibrary::OdbcConnection::readAttribute(char const*) () from /usr/lib64/libOdbcFb.so
#4 0x00007fffe4fa3f1c in OdbcJdbcLibrary::OdbcConnection::expandConnectParameters() () from /usr/lib64/libOdbcFb.so
#5 0x00007fffe4f9ffb6 in OdbcJdbcLibrary::OdbcConnection::sqlDriverConnect(void*, unsigned char const*, int, unsigned char*, int, short*, int) () from /usr/lib64/libOdbcFb.so
#6 0x00007fffe4f97630 in SQLDriverConnect () from /usr/lib64/libOdbcFb.so
#7 0x00007fffee31bec2 in SQLDriverConnect () from /usr/lib64/libodbc.so.2
#8 0x00007ffff7ba4395 in odbc::Connection::_connect (this=0x1390c800, connectString=<value optimized out>,
drvcompl=<value optimized out>) at connection.cpp:227
#9 0x00007ffff7ba288b in odbc::DriverManager::getConnection (connectString="DSN=ocs_cfg_db;UID=sysdba;PWD=masterkey")
at drivermanager.cpp:231

After checking the source code of the driver, I believe I have found the root cause of the issue.
There is no check of the return value of the SQLGetPrivateProfileString function in the function below:

JString OdbcConnection::readAttribute(const char * attribute)
{
    char buffer [256];
    // ret is whatever SQLGetPrivateProfileString returns, including -1 on failure
    int ret = SQLGetPrivateProfileString (dsn, attribute, "", buffer, sizeof (buffer), env->odbcIniFileName);
    return JString (buffer, ret);   // a negative ret reaches memcpy as the copy length
}

Since SQLGetPrivateProfileString can return -1 in some cases (e.g. when it can't open the odbc.ini file), this -1 value is passed to the memcpy function in the JString constructor as one of its arguments, which leads to a crash.

I suggest fixing it by adding a check of the SQLGetPrivateProfileString return value:

JString OdbcConnection::readAttribute(const char * attribute)
{
    char buffer [256];
    int ret = SQLGetPrivateProfileString (dsn, attribute, "", buffer, sizeof (buffer), env->odbcIniFileName);
    if (ret < 0)
    {
        ret = 0;   // treat a failed lookup as an empty attribute
    }
    return JString (buffer, ret);
}

PS: Unfortunately I can't test the fix, since it is hard to reproduce the issue with a filesystem that leads to odbc.ini file-reading problems.

Commits: 706944f 8922177
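The following is an added illustration, not code from the driver or from the reporter: it shows what a -1 return value turns into once it reaches memcpy's size_t length parameter, and a clamped readAttribute. SQLGetPrivateProfileString is replaced by a stub (an assumption) so it runs offline; the stub's DSN value is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Stub standing in for unixODBC's SQLGetPrivateProfileString (assumption).
// Mirrors the failure mode from the report: returns -1 when the ini file
// cannot be read, otherwise the length of the value copied into buf.
static bool g_iniReadable = true;
static const char* g_iniValue = "localhost:/var/db/test.fdb";   // constructed sample

static int stubGetPrivateProfileString(const char* /*section*/, const char* /*key*/,
                                       const char* /*def*/, char* buf, int bufSize,
                                       const char* /*file*/) {
    if (!g_iniReadable) return -1;
    std::strncpy(buf, g_iniValue, bufSize - 1);
    buf[bufSize - 1] = '\0';
    return static_cast<int>(std::strlen(buf));
}

// The size memcpy actually sees: JString::setString takes an int length and
// hands it to memcpy, whose length parameter is size_t, so -1 becomes SIZE_MAX.
size_t lengthSeenByMemcpy(int ret) {
    return static_cast<size_t>(ret);
}

// Clamped readAttribute: the lower bound is the fix proposed in the report;
// the upper bound is an extra guard added here (assumption, not in the report)
// so that no value larger than the buffer can ever be used as a copy length.
std::string readAttributeClamped(const char* dsn, const char* attribute,
                                 const char* iniFile) {
    char buffer[256];
    int ret = stubGetPrivateProfileString(dsn, attribute, "", buffer,
                                          sizeof(buffer), iniFile);
    if (ret < 0) ret = 0;                                  // failed lookup -> empty
    const int maxLen = static_cast<int>(sizeof(buffer)) - 1;
    if (ret > maxLen) ret = maxLen;                        // never exceed the buffer
    return std::string(buffer, static_cast<size_t>(ret)); // safe copy length
}
```

With the stub set to "ini unreadable", readAttributeClamped returns an empty string instead of handing SIZE_MAX to memcpy.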


Commented by: @alexpotapchenko

Fixed in CVS


Modified by: @alexpotapchenko

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.0.4 [ 10662 ]


Modified by: @alexpotapchenko

status: Resolved [ 5 ] => Closed [ 6 ]
